The Malta Gaming Authority has issued a statement after an individual claimed responsibility for a “system breach” detected by the Maltese gambling regulator last week.
Writing on X, Lilith Wittmann, a German security researcher, said she hacked the MGA and that she will “expose the organised crime enablement schemes you created while presenting yourselves as a ‘legitimate public service’.”
She threatened the “immediate release of my entire archive of igaming-related data” if the German authorities extradited her to Malta, where she said “I would face up to 10 years’ imprisonment for hacking a public service.”
In response, the MGA said it is “aware of public statements made by an individual claiming responsibility for unauthorised access to one of the Authority’s systems and making a series of allegations and threats in that context.”
MGA ‘condemns unauthorised access’
“The MGA condemns any unauthorised access to its systems and any extraction, handling or dissemination of data obtained through such activity,” the regulator added.
“Such conduct is unacceptable and incompatible with lawful engagement with public institutions and established governance frameworks.
“The Authority operates within a robust legal and regulatory framework and carries out its statutory functions with integrity, independence and accountability. Allegations made in the context of unauthorised system access are unsubstantiated and do not undermine the MGA’s role as a regulator committed to transparency, due process and the rule of law.
“For more than two decades, the MGA has operated within established legal and governance frameworks and will continue to do so. Ensuring that the Authority’s work, and the industry it regulates, operate with integrity and accountability is paramount.”
MGA identifies ‘system breach’
Last week, the MGA said it had “identified a breach within one of its systems and immediately activated its internal response protocols.”
“Upon identification, all necessary containment and mitigation measures were implemented as a precaution and the Authority has dedicated all relevant technical and operational resources to a thorough investigation,” it said.
The MGA noted that based on information it had at an “early stage,” the activity may be attributable to “an individual presenting themselves as a security researcher.”
“Investigations remain ongoing to establish the full facts and to ensure that all appropriate safeguards are in place,” the MGA said.
“The Authority is treating this matter with the utmost seriousness and continues to work closely with its technical teams and the relevant authorities to assess the situation comprehensively. Further updates to impacted entities will be provided in due course.”
Read more: MGA calls on operators to improve self-exclusion compliance
